PT-2015-1197
Cloudfuzzer
Published: 2015-05-19 · Updated: 2024-06-15
CVE-2015-1258
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 43.0.2357.65
Opera (affected versions not specified)
libvpx (affected versions not specified)
Description
A remote attacker can use specially crafted VP9 video frames to trigger a negative value for a size field, causing a denial of service (fields initialized with a negative size) and potentially other, unspecified impacts. The cause is that the libvpx code was not built with an appropriate --size-limit value.
Recommendations
For Google Chrome versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later.
For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting the use of VP9 video data in affected browsers until a patch is available.
Exploit
DoS
Affected products
Alt Linux
Google Chrome
Opera
Red Hat
Ubuntu
Libvpx